VID |
28802 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
A version of Mozilla Firefox older than 3.6.2 is installed on the host. Mozilla is an open-source Web browser developed by the Mozilla project. Mozilla Firefox versions 3.6.x prior to 3.6.2 are affected by multiple vulnerabilities.
- The WOFF decoder contains an integer overflow in a font decompression routine. (MFSA 2010-08)
- Deleted image frames are reused when handling 'multipart/x-mixed-replace' images. (MFSA 2010-09)
- The 'window.location' object is made a normal overridable object. (MFSA 2010-10)
- Multiple crashes can result in arbitrary code execution. (MFSA 2010-11)
- A cross-site scripting issue when using 'addEventListener' and 'setTimeout' on a wrapped object. (MFSA 2010-12)
- Documents fail to call certain security checks when attempting to preload images. (MFSA 2010-13)
- It is possible to corrupt a user's XUL cache. (MFSA 2010-14)
- The asynchronous Authorization Prompt is not always attached to the correct window. (MFSA 2010-15)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of this condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
  http://www.mozilla.org/security/announce/2010/mfsa2010-08.html
  http://www.mozilla.org/security/announce/2010/mfsa2010-09.html
  http://www.mozilla.org/security/announce/2010/mfsa2010-10.html
  http://www.mozilla.org/security/announce/2010/mfsa2010-11.html
  http://www.mozilla.org/security/announce/2010/mfsa2010-12.html
  http://www.mozilla.org/security/announce/2010/mfsa2010-13.html
  http://www.mozilla.org/security/announce/2010/mfsa2010-14.html
  http://www.mozilla.org/security/announce/2010/mfsa2010-15.html
  http://blog.mozilla.org/security/2010/03/18/update-on-secunia-advisory-sa38608/
* Platforms Affected:
  Mozilla Project, Firefox versions 3.6.x prior to 3.6.2
  Microsoft Windows Any version
  Linux Any version |
Recommendation |
Upgrade to the latest version of Firefox (3.6.2 or later), available from the Mozilla Firefox Download Web page at http://www.mozilla.org/products/firefox/ |
Related URL |
CVE-2010-0164,CVE-2010-0165,CVE-2010-0167,CVE-2010-0168,CVE-2010-0169,CVE-2010-0170,CVE-2010-0171,CVE-2010-0172,CVE-2010-1028 (CVE) |
Related URL |
38298,38919,38920,38921,38922,38927,38939,38944,38946 (SecurityFocus) |
Related URL |
(ISS) |
|